Mozilla ponders policy change after Firefox extension battle

Article Source Ars Technica
May 4, 2009, 10:11 am

One of the greatest strengths of the Firefox Web browser is its powerful extension system, which gives third-party developers the ability to expand the browser’s capabilities. Although this extensibility delivers a lot of value to Firefox users, it also creates some thorny problems. The darker side of Firefox add-ons was exposed last week when a conflict between the developers of the two popular extensions got out of hand. The situation has compelled Mozilla to propose a policy change aimed at curbing bad behavior in add-ons.

Firefox’s extension system is really just an officially supported mechanism for monkey-patching the browser. Extensions are not isolated or sandboxed. They are broadly permitted to manipulate the browser’s behavior and user interface at will and can easily tamper with the functionality of other extensions. This approach to extensibility is a double-edged sword. Although it allows developers to create extremely useful extensions that can deeply integrate with virtually any aspect of Firefox, it simultaneously opens the door for troubling security problems and compatibility issues.